Technique for securely communicating and storing programming material in a trusted domain
Abstract
A “trusted domain” is established within which content received from a communications network, e.g., a cable TV network, is protected from unauthorized copying thereof, in accordance with the invention. In an illustrative embodiment, the trusted domain includes a device associated with a user which receives content from the cable TV network. The content may be encrypted using a content key in accordance, e.g., with a 3DES encryption algorithm before it is stored in the device. In addition, a first encrypted content key version and a second encrypted content key version are generated by respectively encrypting the content key with a public key associated with the device and another public key associated with the user, in accordance with public key cryptography. The first and second encrypted content key versions are stored in association with the encrypted content in the device storage. The encrypted content can be migrated from a first device to a second device, and can be decrypted in the second device if the second device is associated with the same user, and also provided with the second encrypted content key version.
Claims
exact text as granted — not AI-modified1. A device for receiving encrypted content from a storage unit, the device and the storage unit both being associated with a user, the encrypted content being decrypted in the device using a first cryptographic element, the device comprising:
a first interface for receiving a first encrypted version of the first cryptographic element from the storage unit, the first encrypted version of the first cryptographic element being generated by encrypting the first cryptographic element using a second cryptographic element which is associated with the user, the first encrypted version of the first cryptographic element being provided to an apparatus remote from the device, the apparatus recovering the first cryptographic element based on at least the first encrypted version of the first cryptographic element and data representative of the user;
a second interface for receiving from the apparatus a second encrypted version of the first cryptographic element, the second encrypted version of the first cryptographic element being generated by encrypting the recovered first cryptographic element using a third cryptographic element which is associated with the device; and
a module for recovering the first cryptographic element to decrypt the encrypted content based on at least the second encrypted version of the first cryptographic element.
2. The device of claim 1 wherein the first interface includes the second interface.
3. The device of claim 1 wherein the content includes entertainment programming content.
4. The device of claim 1 wherein the first cryptographic element includes a secret key in accordance with a data encryption standard (DES) technique.
5. The device of claim 1 wherein the second cryptographic element includes an encryption key in accordance with a public key algorithm.
6. The device of claim 1 wherein the third cryptographic element includes an encryption key in accordance with a public key algorithm.
7. The device of claim 1 further comprising a terminal having storage.
8. The device of claim 1 further comprising a terminal having digital video recorder functions.
9. A method for use in a first device to which encrypted content is transported from a second device, the first device and the second device both being associated with a user, the encrypted content being decrypted in the first device using a first cryptographic element, the method comprising:
receiving a first encrypted version of the first cryptographic element from the second device, the first encrypted version of the first cryptographic element being generated by encrypting the first cryptographic element using a second cryptographic element which is unavailable to the first device and is associated with the user;
providing the first encrypted version of the first cryptographic element to an apparatus remote from the first device, the apparatus recovering the first cryptographic element based on at least the first encrypted version of the first cryptographic element and data representative of the user; receiving from the apparatus a second encrypted version of the first cryptographic element, the second encrypted version of the first cryptographic element being generated by encrypting the recovered first cryptographic element using a third cryptographic element which is associated with the first device; and
recovering the first cryptographic element to decrypt the encrypted content based on at least the second encrypted version of the first cryptographic element.
10. The method of claim 9 wherein the content includes entertainment programming content.
11. The method of claim 9 wherein the first cryptographic element includes a secret key in accordance with a DES technique.
12. The method of claim 9 wherein the second cryptographic element includes an encryption key in accordance with a public key algorithm.
13. The method of claim 9 wherein the third cryptographic element includes an encryption key in accordance with a public key algorithm.
14. A device for receiving encrypted content from a storage unit, the device and the storage unit both being associated with a user, the encrypted content being decrypted in the device using a first cryptographic element, the device comprising:
a first interface adapted to receive a first encrypted version of the first cryptographic element, the first encrypted version of the first cryptographic element being generated by encrypting the first cryptographic element using a second cryptographic element, and the first encrypted version of the first cryptographic element being unusable by the device;
a second interface adapted to receive a second encrypted version of the first cryptographic element, the second encrypted version of the first cryptographic element being generated by encryption of the first cryptographic element using a third cryptographic element which is associated with the device, the second encrypted version of the first cryptographic element being provided to the device by a remote entity in response to the device providing the entity the first encrypted version of the first cryptographic element; and
a module adapted to recover the first cryptographic element to decrypt the encrypted content based on at least the second encrypted version of the first cryptographic element.
15. The device of claim 14 , wherein said second cryptographic element is associated with the user, and the first encrypted version of the first cryptographic element is provided to an apparatus remote from the device, the apparatus being adapted to recover the first cryptographic element based on at least the first encrypted version of the first cryptographic element and data representative of the user.
16. The device of claim 15 , wherein said encryption of the first cryptographic element comprises encryption of the first cryptographic element recovered by said remote apparatus.
17. The device of claim 14 , wherein the first interface includes the second interface.
18. The device of claim 14 , wherein the content comprises entertainment programming content.
19. The device of claim 14 , wherein the first cryptographic element comprises a secret key in accordance with a symmetric cipher encryption technique.
20. The device of claim 14 , wherein the second cryptographic element includes an encryption key in accordance with a public key algorithm.
21. The device of claim 14 , wherein the third cryptographic element includes an encryption key in accordance with a public key algorithm.
22. The device of claim 14 , further comprising a set-top terminal having storage.
23. The device of claim 14 , further comprising a terminal having digital video recorder functions.
24. A device for processing encrypted content, comprising:
a first apparatus adapted to:
receive first data comprising a first cryptographic element after it has been encrypted using a second cryptographic element associated with a user; and
receive second data from a second apparatus remote to the device, the second data being received after it is confirmed that the device associated with the user, the second data comprising the first cryptographic element, after it has been encrypted using a third cryptographic element associated with said device;
a module adapted to recover the first cryptographic element from the second data; and
a module adapted to decrypt the encrypted content using the recovered first cryptographic element.
25. The device of claim 24 , wherein said first data is provided to an apparatus remote from the device, the remote apparatus being adapted to recover the first cryptographic element based on at least the first data and data representative of the user.
26. A method for operating a device for receiving encrypted content from a storage unit, the device, the storage unit, and a user all being associated with a subscriber account, the method comprising:
receiving at a first interface a first encrypted version of the first cryptographic element, the first encrypted version of the first cryptographic element being generated by encrypting the first cryptographic element using a second cryptographic element associated to the user;
receiving at a second interface a second encrypted version of the first cryptographic element from an apparatus remote to the device, the apparatus determining that the device and the user are both associated with the subscriber account, the second encrypted version of the first cryptographic element being generated by encryption of the first cryptographic element using a third cryptographic element which is associated with the device;
recovering the first cryptographic element; and
decrypting the encrypted content based on at least the second encrypted version of the first cryptographic element.Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.